package com.springsecurity.config;

import com.springsecurity.handler.MyAccessDeniedHandler;
import com.springsecurity.handler.MyAuthenticationFailureHandler;
import com.springsecurity.handler.MyAuthenticationSuccessHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import javax.annotation.Resource;

@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
    @Resource
    MyAccessDeniedHandler myAccessDeniedHandler;
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
        //ktjiaoyu =====> 123456登录
        // auth.inMemoryAuthentication().withUser("ktjiaoyu").password("123456").roles("admin");
        //ktjiaoyu =====>注入PasswordEncoder 之后,加密密码登录
        //auth.inMemoryAuthentication().withUser("ktjiaoyu").password(new BCryptPasswordEncoder().encode("123456")).roles("admin");
    }
    //注入密码加密实例

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                // 当发现/doLogin时认为是登录提交请求，就进行放行(不配置请求就  进入不到doLogin所对应方法中)，
                // 其值要求和login.html登录页面中表单的action值保持一致
                .loginPage("/login.html") //设置登录页面
                .loginProcessingUrl("/doLogin")
                //.successForwardUrl("/main") //设置默认登录成功页面
                //.failureForwardUrl("/error.html").permitAll() //错误页面
                .successHandler(new MyAuthenticationSuccessHandler("/main"))//设置默认登录成功处理器
                .failureHandler(new MyAuthenticationFailureHandler("/error.html")) //认证失败的处理器
                .and()
                .authorizeRequests()
                //放行静态资源,支持regexMatchers正则表达式写法
                .antMatchers("/","/login","/403.html","/error.html","/js/**","/images/**").permitAll()
                .regexMatchers(".+[.]css").permitAll()
                //.antMatchers("/toAdmin").hasAuthority("L02")
                //.antMatchers("/toAdmin").hasRole()
                //.antMatchers("/toAdmin").hasAnyAuthority("admin","normal") //多个权限
                //.antMatchers("/toAdmin").hasAnyRole("role1","role2") //单个|多个角色
                //hasIpAddress("127.0.0.1") //根据IP地址判断
                // anyRequest()为所有的请求， authenticated()表示登录认证后 即所有请求都必须被登录认证后才能进行访问
                .anyRequest().authenticated()
            ;

        http.csrf().disable();
        //403
       // http.exceptionHandling().accessDeniedPage("/403.html");
        http.exceptionHandling().accessDeniedHandler(myAccessDeniedHandler);
    }
}
